Baby clothing giant Carter’s exposed trove of shoppers’ data

The Linc system delivered shortened URLs carrying Carter’s purchase and shipping data without any appropriate security protections. By modifying the Linc-generated URLs, it was possible to access backend JSON data that revealed customer details the confirmation pages did not expose, such as the full names, phone numbers, and delivery addresses of Carter’s customers.

Read full article on HackRead



